discovered that some components of the Flame malware have
been signed by certificates that allow software to appear as if it was
produced by Microsoft. Apparently there is an older cryptography
algorithm that could be exploited and used to sign code to make it appear that it
originated from Microsoft.As a result, Microsoft released Security Advisory 2718704, Unauthorized Digital Certificates Could Allow Spoofing and a security update. The security update revokes the trust of the following intermediate CA certificates:
- Microsoft Enforced Licensing Intermediate PCA (2 certificates)
- Microsoft Enforced Licensing Registration Authority CA (SHA1)
If you do not have automatic updating enabled, the update is available by checking for updates or can be downloaded from Microsoft KB Article 2718704.
References
- MSRC: Microsoft releases Security Advisory 2718704
- Tech Net Advisory: Microsoft Security Advisory (2718704) Unauthorized Digital Certificates Could Allow Spoofing
- Knowledge Base Article: Unauthorized digital certificates could allow spoofing
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
No comments:
Post a Comment
Neither spam nor comments containing vulgarities will be approved.